from the is-nothing-sacred? dept

Back in September, it was reported that the UK's equivalent of the NSA, GCHQ, had gleefully hacked Belgacom, the Belgian telco, using a "quantum insert" to plant malware on the computers of key engineers at the company. At the time, it was described as follows:

According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had "good access" to important parts of Belgacom's infrastructure, and this seemed to please the British spies, according to the slides.

Over the weekend it appears that Der Spiegel published a further report by Laura Poitras on this hacking, which revealed that the spoofed websites used to install this malware were none other than Slashdot and Linkedin. Interesting choices.

So, it sounds like they did a man-in-the-middle attack, redirecting very specific visitors from those two sites to sites that planted malware instead. I wonder if LinkedIn (which is already involved in a lawsuit over the NSA stuff) and Slashdot have any legal basis to go after the government for effectively attacking their servers?

interesting

I wonder if LinkedIn (who is already involved in a lawsuit over the NSA stuff) and Slashdot have any legal basis to go after the government for effectively attacking their servers?

I wonder if this reflects your general knowledge of law. You can't sue the Federal Government (for causes other than those specifically mentioned in the Federal Tort Claims Act, which is reserved for negligence by government employees) under a thousand-year-old doctrine called "Sovereign Immunity." Which every law student learns about in year one.

You particularly can't sue law enforcement for damages created by law enforcement activities. Go ahead, check Lexis/Nexis--you won't find a case.

Those who take legal claims made on this site seriously should keep this in mind next time around...

Re: interesting

Not only that, but the fraud is perpetrated on a third party: Linkedin and Slashdot can't show any "evidence of real harm"* so their standing seems weak.

BUT the larger points are: DON'T TRUST ANYTHING ON THE NET TO BE REAL. -- AND THE MICROSOFT MONOPOLY FACILITATES SPYWARE. (If only by its buggy common "features". And all other major OSs do too: they're designed to.) -- Far larger than security agency menace is rampant malware, almost NONE of which is ever hunted down by the agencies that could. Right now there's a particularly obnoxious ransomware which locks files, and it'd be easy for security agencies to trace the payments, but do they? Hell no.

Re: Re: interesting

...Microsoft hasn't had a monopoly in YEARS. In the 90's yes, they were as close to a monopoly as you could get in the home computing environment, but nowadays they have extremely stiff competition from Apple and iOS, and hopefully Valve will help jumpstart the home Linux computer with their SteamOS. As for security agencies tracing the payments...wouldn't that fall under the purview of law enforcement? If my computer gets ransomware, I don't call the nearest spy agency, I call the cops.

Re: Re: Re: Re: interesting

Okay, seems I pulled an OOTB and I was talking out of my ass. I looked up some market statistics and collectively (counting all versions of Windows), Microsoft controls 89-90% of the market, as reported by netmarketshare.com. I retract my claims, given the evidence on hand.

Re: interesting

I wonder if this reflects your general knowledge of law. You can't sue the Federal Government (for causes other than those specifically mentioned in the Federal Tort Claims Act, which is reserved for negligence by government employees) under a thousand-year-old doctrine called "Sovereign Immunity." Which every law student learns about in year one.

There are ways to make points without being an insufferable asshole.

Here, let me give you an example. Given the statement above, I *could* reply as follows:

I wonder if this reflects your general knowledge of Techdirt and search engines. You can easily see that we know about sovereign immunity by doing a simple search, under a decades-old concept known as "the search bar." Which every internet user learns about on day one. Also your citations are to the US, when this is the UK -- which also has something similar, sometimes referred to as Crown Immunity, but which has clear exceptions.

You particularly shouldn't make obnoxious claims that are easily proven false by a simple search. Go ahead, check the search bar for "sovereign immunity." You'll find plenty of stories.

Those who take any claims made by this commenter seriously should keep this in mind next time around...

But, of course, that would be really obnoxious and uncalled for. Instead, I'd suggest an approach like the following one:

Yes, we're aware of sovereign immunity, but as you too are aware, lawsuits are filed against governments all the time, and while the governments would certainly claim sovereign immunity, that does not always work. But, more to the point, I *asked* the general question because I wasn't sure if there would be a way for there to be a way around sovereign immunity in *this* particular case. You claim there is not. I asked because I figured some people might have other ideas.

Separately, since all your citations are under US law, and the UK rules under Crown Immunity are somewhat different, I was curious to see if someone more knowledgeable about UK law in particular would have an opinion on the matter, because I admit that I am not an expert on UK law, or the law in general. Nor have I ever claimed to be.

Re: Re: interesting

@ "Mike Masnick": "There are ways to make points without being an insufferable asshole." But you chose to be "an insufferable asshole" and don't actually counter the point.

Further, when I've complained here about actually being threatened with physical violence by one of your fanboys, besides my screen name being falsely used, besides the generally hostile environment here, YOU'VE DONE NOTHING, not even the most general statement that's not tolerated here. You take the position that you're not responsible for such comments, just dodging. But when some AC (and you know who it is by looking at IP etc), makes a valid point that pricks your arrogant little bubble, you go into schoolmarm mode -- and then just blather.

Re: Re: Re: interesting

" actually being threatened with physical violence by one of your fanboys"

Care to provide proof of someone making a believable direct threat to your person? If you quote my line about wishing I was like Atticus Finch, that was me merely expressing a fantasy, not a statement that I was actively going to go out and shoot you. No-one on this site (besides Mike, whom if I recall correctly, has said in the past he has a very strong suspicion) knows who you are. We will never know who you are, nor do we care to know who you are. Without that very important piece of information, it is impossible for a rational human being to believe that there are real legitimate threats made against you. Then again, you're not rational are you?

Any re-direct can do this.

And guess which search engine has for a couple years now re-directed all search term clicks through its own server? -- That's right! Your "friend" Google! -- ANY re-direct* can send you to any other site invisibly: just do its own call to get the site, process the HTML however wanted, then supply the fake. Can be a bit tricky to handle all cases invisibly, but Google has the resources to do it, even fake up linked sites. -- IF for some reason want to.

Point is that you can't trust anything which is generated by computers. -- Nor ANY mega-corporation! You can't trust that Google is supplying what you want or letting you see all the available information. Google can censor invisibly by only showing what it wants you to see, as major "news" networks have done for decades. We're at just the start of The Matrix. -- And by the way, don't take either pill because BOTH are from an untrustable source!

[ * Note down here because incidental to main point: Search any term and hover to see the link: it'll be google.com plus the site and a large number of characters, enough to uniquely identify your browser and the search term. -- BUT, here's a key trick: when I tested this incidentally in a modern Firefox, Google.com was stripped from the copied link! That may be why some of you believe it isn't true. But apparently Firefox is in cahoots enough to specially process Google's re-directs. -- Just test it yourself, IF you can see the actual links when hovering over link on a Google search page.]

Re: Re: Re: Any re-direct can do this.

I'm using Ghostery in Firefox; it is reporting 16 blockable things (a mix of advertising, analytics, beacons, and widgets). I experimented a bit with blocking everything; the only one I'm not currently blocking is Gravatar (so I can see all the cute icons people have chosen :-). Even with all things Google blocked, I'm able to read reported comments.

Now, first of all... really, Techdirt? 19 third-party sites need to know that I accessed this page? NINETEEN? Each with their own tracking and vulnerabilities? I get flattr - if I had an account there, I'd enable access. Other than that... you're basically broadcasting your user base to half the 'net :(

Anyway, site works almost perfectly without all those connections. I can't click to view down-modded comments, which does seem to require googleapis (blocking cookies with Ghostery doesn't mean anything for the access itself), but no great loss there.

Re: Re: Re: Any re-direct can do this.

But it is that easy. Don't use google services, and block all access to google servers, and you're done. If that means that you can't use certain websites, your beef is with those websites. Let them know, and move on.

Re: Re: Re: Any re-direct can do this.

Slashdot's comment system hasn't been usable without Javascript (even just for viewing) for several years, at least for anonymous users. A few comments are visible but "click to expand"-type links don't work. If logged-in users can still enable the "classic" comment system they might be able to use NoScript.

Re: Any re-direct can do this.

And of course you don't provide any proof whatsoever about your claims or about the testing you did on a "modern Firefox". Nope. Just your claims. Just like a few articles back when you ran around screaming that judges should just take rights-holders word as fact.

Re: Re: Any re-direct can do this.

@ "Rikuo" -- YOU can test it yourself, sonny, right on your own computer in front of your stoopidly dis-believing mind. I give the method.

Note that the other reply accepts it, just says "so don't use Google", and here's my tagline for that: The phony deal that evil people (and gullible fools) try to force on us: You can't have the benefits of technology unless give up all privacy.

Re: Re: Re: Any re-direct can do this.

I expected you'd say that. I just knew it. You make a claim, don't provide any evidence, then, once I ask where is it, you turn around and say I should do the legwork of verifying YOUR claim. No. That is not how it's done. You make the claim, you do the work of backing it up. Why should I bother verifying what you said? I have absolutely no motivation to do so.

Re: Re: Re: Re: Re: Any re-direct can do this.

No he didn't. He did not follow the scientific method AT ALL.

The scientific method says you notice a phenomenon, you conduct tests, then you come up with a conclusion. There's more steps such as publishing your research, but those are the three most basic steps. "I saw something, I conducted tests, I concluded that the tests say XYZ".

OOTB started with the conclusion first, then worked backwards from there. He didn't explain very well what method he used (he just said search, but search where? Google.com's search box?). Did he post screenshots or video? No. All I have is a wall of text of a guy making a claim about Google and expecting everyone else to do the legwork of verifying what he says.

Lastly...assuming he meant searching on Google.com, I did a search for dog. I hovered my cursor over each of the search results. In the bottom left corner of my browser, only one of them did indeed have the google URL, none for cat, none for house. My own research was completely different to OOTB's claims of "Search any term and hover to see the link: it'll be google.com plus the site".

Re: Re: Re: Re: Re: Any re-direct can do this.

"He did."

Not really. He made a claim, but didn't provide evidence of his results. It's a popular troll tactic - make a claim, force others to do the work to prove it wrong, then claim people are lying/not doing it right if they get different results.

Notice how he not only doesn't supply any supporting evidence that what he said happens actually occurs, but he's vague enough about the details (e.g. he says "modern Firefox", not Firefox version 25.0, doesn't say whether he's using a standard install or there's any extensions installed, etc.), presumably to allow wiggle room if he's proven wrong.

"Dunno what he is jabbering about with regards to Firefox, though."

Me neither, which makes replicating his claims rather difficult, don't you think?

"Regardless, he is speaking the truth. I figure Google does it to track what links you hovered over, or maybe just so they can show you the useless preview image."

Maybe he's telling the truth (yes, there is a hash value between google.com and the search term), but that neither means there's any nefarious reason behind the value nor that he's forced to use Google in any way.

Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

Oh, so duckduck is YOUR answer to ALL of Google's spying across the entire internets.

What about the tracking using javascript -- any scrap of data they can get -- to uniquely identify you? Care to field THAT question? How about googleapis? Do you KNOW anything about how the commercial tracking systems work? It's a bit trickier than just dodging the search page, fool.

Re: Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

First, so? If you don't want to use Google's link redirection (which I hate), don't click google's link. Copy the text of the URL and paste it into your address bar. Google (and the site you're going to) won't know that you used Google.

Second, why are you even using Google to search for things in the first place? It seems bizarre to me, given that you have such an extreme hatred for Google.

You can avoid google everywhere by blocking access to their servers. This is easily done using your hosts file. You can find plenty of easy instruction all over the net.

Re: Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

First, so? If you don't want to use Google's link redirection (which I hate), don't click google's link. Copy the text of the URL and paste it into your address bar. Google (and the site you're going to) won't know that you used Google.

Unfortunately, this isn't correct.

If what you mean by "copy the URL" is "right-click on the link and select 'Copy Link Location' or the equivalent", that will just get you the Google-redirect URL.

If what you mean by "copy the URL" is "highlight the green-text URL displayed underneath the actual link", although that will work in some cases, there are many cases where it won't. If the actual URL is "too long" to fit in the width of the search-results column, the green-text URL will be displayed with some middle part of the URL elided by an ellipsis.

I spent a good deal of time looking for a way around this problem, specifically so that I could once again "Copy Link Location" and get the actual URL of the search result rather than a redirector. I eventually ended up with a Greasemonkey script for the purpose; nothing else seemed to get the job done.

Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

WHAT are you using to search? WHERE are you searching from? Chrome? Firefox? Google Search Page? I don't see any of these results when I use Chrome and Google's search page. Are you using the URL bar in Firefox or IE?

Re: Re: Re: Re: Re: Re: Re: Any re-direct can do this.

In which browser? Which version? Are you copying a standard link or are you looking at sponsored ad links?

Why don't you simply answer the questions posed to you rather than trying to avoid direct queries? I suppose it's unusual for you to answer direct questions in the first place so there's that...

"It's a re-direct. I've removed some of the extra to try and un-unique it"

In other words "I've removed half of what I was whining about and changed the context of my results, so even if someone can prove they get something different to what I claim, I'll still make the same assertions"

Is that about right?

"By the way, "PaulT", tell me how to avoid Google everywhere."

Start by not using Google as your search engine, so that you don't have to post barely coherent whining about how their search results appear. Then, use tools to block their Javascript. Nobody's forcing you to visit sites that utilise Google as their ad platform, etc...

If you find this difficult, there's an off switch on your router. For the sake of everybody on the internet, I suggest you use it.

Re: Re: Re: Re: Re: Any re-direct can do this.

@ Dunno what he [me] is jabbering about with regards to Firefox, though [the AMAZING stripping of Google.com from the link when using right click, "copy link"]. -- I wasn't clear, and YEAH, I didn't believe it, either, just discovered it by accident while playing around with some Linux and the Firefox 20-something as installed. Just clicked "copy link" intending to manually strip google.com crap out, but didn't have to!

And as nicely defended up there: just stated what I found, and it's possible for anyone to test it... If I could remember which was testing, it'd help. Believe was PCLinuxOS 2013.04.

Re: Re: Re: Any re-direct can do this.

"here's my tagline for that:"

...said "tagline" having nothing to do with what you just said, and is equally applicable to any company other than the one you post paranoid rants about. Plus, the fact that you can choose to stop using Google any time you wish still stands.

If you don't like the technology, please stop using it. You clearly don't understand it anyway, since you fail miserably at both logical and factual tests that anyone can apply to your rants.

Re: Re: Re: Re: Re: Any re-direct can do this.

I really don't see how any of us here can be classed as "Google defenders" when we're anything but. I despise Google too, especially with their recent forced usage of Google+ on Youtube...but at least I am able to put things into perspective! You are not. To you, Google is the Internet, it's responsible for all of the evils in the world, no matter the fact it's just a corporation, it's mainly a search engine, it doesn't have the ability to lock people up etc. We get it. Google is scary. So is Bing and Yahoo, who, despite being search engines, you never call out. No, to you, Google is the sole evil corporate entity, because it's the ONLY ONE YOU CONSTANTLY BLATHER ON ABOUT.

Re: Any re-direct can do this.

Oooh, ME, you forgot to mention that Google's re-directs may only be used when javascript is disabled (isn't that a spin term in itself? what means is when you don't allow spyware to run on your own computer!) -- anyhoo, when you let Google use javascript, they don't have to re-direct because almost any site you go to now has Google's javascript there, so it'd be redundant!

Re: Any re-direct can do this.

For crying out loud, isn't Firefox open source? Don't you think someone would notice if they put special Google code in there?

Google has some weird Javascript where a link on the search results page actually starts as a normal link, but changes the link to the Google redirect as soon as it detects a "mousedown" event. If you have something that disables Javascript in whatever version of Firefox you were using, that might explain why you didn't get the redirection link.

If you ask me, it's a bit dishonest to change a link on someone mid-click, but it's not exactly in my top ten complaints about Internet sites either.

2 questions

So it sounds like they did a man in the middle attack, redirecting very specific visitors from those two sites to sites that planted malware instead.

That begs 2 questions: 1/ How do GCHQ justify hacking a Belgium telecom company? (other than the standard vague "ZOMG TERRORISTS!!!") 2/ Did they really bother to limit redirecting "specific visitors", or would they have considered it a bonus to install malware on several thousand other computers while targeting what they want?

Re: 2 questions

1. 'Because we could'. Although that's a little too blunt, so they probably did the usual song and dance of 'Well we had the authorization to monitor foreign targets, and we were at least 51% sure that foreign targets might use the service so...'

2. Given to an 'intelligence' agency, 'too much data' is a non-existent phrase unless prefaced with 'there's no such thing as...' yeah, the odds that they only went after specific targets once the system was breached... probably not too high.

so, when the heads of the 3 UK security forces were asked in an investigation last week, headed by Sir Malcolm Rifkind, i believe, and they answered 'NO' to whether their agencies had done anything illegal, they were actually lying? really?

since there hasn't been any further news or reports from that investigation, i assume it was just as big a load of lies and bullshit as the first 'investigation' that was carried out a few weeks earlier?

anyone that actually believed any of the 3 'heads' concerned have more chance of getting the truth out of a dead terrorist! there is no way on Earth they were going to do anything except lie from start to finish! they have been well tuned by the NSA as to what to say so as to get through that investigation and be able to carry on with the same shit, just as the NSA is doing! they even used the same lies about how the UK (USA) has been put in mortal danger because of Snowden. the only danger has been that the public now know even more than before that the governments are going to do what they like, say what they like and be allowed to get away with it. the only way there would have been more honest results would to have had public interest groups run the whole investigation!

Re:

Rifkind didn't say they hadn't done anything illegal.

He said their use of PRISM queries wasn't illegal based on the evidence he had seen (of 197 leads and the warrants against Brits that had led to them). That's a very narrow claim, and only applies to queries on that system (the 'official legal one') that goes to the US and causes a legal request to Google or Yahoo or whatever, and thus require a legalish warrant under RIPA signed by a minister.

So for example, you are a Brit, in Britain. You visit theregister.co.uk, the server for elReg is in London.

That is British to British traffic completely routed inside the UK.

Yet you are spied on by GCHQ because all the fluff on the page (ads, twitter, fb, feeds etc.) comes from servers abroad, and GCHQ makes an effort to collect all of that, even though they know this is illegal for them to monitor that traffic.

They claim they don't need a warrant because they tap it offshore (but we suspect those offshore taps are onshore just tapping the cable as it heads offshore).

In this example, that traffic was Brits & Belgians visiting Slashdot and they used it to target Belgacom netadmins with malware.

Belgacom hack is of course not legal and is an extraditable offence in Europe (I read the penalty is up to 6 years in jail).

Anything done on the 'bulk' collection rule that spies on Brits is clearly a violation. Anytime they got NSA to spy on Brits and hand that data to GCHQ, is a violation. Getting an agent to do your bidding does not make your hands clean.

Snoopers charter was never passed.

Rifkind is the 'light regulation' that GCHQ boasted about to the NSA. Nobody expects any meaningful improvement from him. Just PR.

Government sponsored terrorists are targeting innocent, hard working IT employees of respectable tech companies now? Not only the employees, but also attempting to compromise these companies' infrastructure and security?

Sounds like an act of terrorism to me, or at the very least, an act of industrial espionage!

Not FAKE slashdot, but packet injection...

How it worked is they saw their victim visit LinkedIn or Slashdot, identified them based on their account, and then shot an exploit at them using packet injection. So there was no "fake" slashdot page, just an injected exploit packet.
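
How a network sensor can spot the kind of packet injection described in the comment above, as an added example that is not part of the original page: when an injected reply races the genuine server reply, both claim the same TCP sequence numbers but carry different bytes. The `Segment` record, addresses and payloads are constructed for illustration, and sequence-number wraparound is not handled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    ts: float       # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


def find_conflicting_segments(segments, window=64):
    """Return (earlier, later) pairs of segments in the same flow direction
    that cover overlapping sequence space with different bytes."""
    seen = {}       # flow 4-tuple -> recent data segments
    alerts = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue                    # pure ACKs carry nothing to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        history = seen.setdefault(flow, [])
        for old in history:
            start = max(old.seq, seg.seq)
            end = min(old.seq + len(old.payload), seg.seq + len(seg.payload))
            if start >= end:
                continue                # no overlap in sequence space
            a = old.payload[start - old.seq:end - old.seq]
            b = seg.payload[start - seg.seq:end - seg.seq]
            if a != b:                  # identical bytes are a retransmission
                alerts.append((old, seg))
        history.append(seg)
        del history[:-window]           # bound memory per flow
    return alerts


# Constructed sample capture (documentation address ranges, made-up content).
SERVER, CLIENT = ("203.0.113.10", 80), ("192.0.2.55", 51000)
INJECTED = b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"
GENUINE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
           b"<html><head><title>News</title>")
TAIL = b"</head><body>front page</body></html>"


def _from_server(ts, seq, payload):
    return Segment(ts, SERVER[0], SERVER[1], CLIENT[0], CLIENT[1], seq, payload)


CONSTRUCTED_CAPTURE = [
    Segment(1.000, CLIENT[0], CLIENT[1], SERVER[0], SERVER[1], 1000,
            b"GET / HTTP/1.1\r\nHost: news.example\r\n\r\n"),
    _from_server(1.010, 5000, INJECTED),               # arrives first
    _from_server(1.045, 5000, GENUINE),                # same seq, other bytes
    _from_server(1.046, 5000 + len(GENUINE), TAIL),
    _from_server(1.300, 5000 + len(GENUINE), TAIL),    # benign retransmission
]

if __name__ == "__main__":
    for first, second in find_conflicting_segments(CONSTRUCTED_CAPTURE):
        print(f"conflict at seq {second.seq} on "
              f"{second.src}:{second.sport} -> {second.dst}:{second.dport}")
        print("  earlier:", first.payload[:30])
        print("  later:  ", second.payload[:30])
```

A hit is a lead for investigation rather than proof, since broken middleboxes can also produce conflicting segments.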